> 1.) Attacker uses apache remote exploit (or other means) to obtain > your /etc/shadow file (not a remote shell, just GET the file > without that fact being logged); I don't mean to thread-hijack, but I'm curious, if apache runs as its own non-root user and /etc/shadow is root-owned and 0400, then how could any exploit of software not running as root ever have access to that file?? _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: an actual hacked machine, in a preserved state
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: an actual hacked machine, in a preserved state
- From: email builder <emailbuilder88@xxxxxxxxx>
- Date: Thu, 5 Jan 2012 20:13:52 -0800 (PST)
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4F060D59.6060003@peacefire.org>
- Follow-Ups:
- Re: an actual hacked machine, in a preserved state
- From: Lamar Owen
- Re: an actual hacked machine, in a preserved state
- From: Les Mikesell
- Re: an actual hacked machine, in a preserved state
- From: Corey Henderson
- Re: an actual hacked machine, in a preserved state
- References:
- an actual hacked machine, in a preserved state
- From: Bennett Haselton
- Re: an actual hacked machine, in a preserved state
- From: Lamar Owen
- Re: an actual hacked machine, in a preserved state
- From: Bennett Haselton
- Re: an actual hacked machine, in a preserved state
- From: Johnny Hughes
- Re: an actual hacked machine, in a preserved state
- From: Bennett Haselton
- an actual hacked machine, in a preserved state
- Prev by Date: Re: swap labeling annoyance
- Next by Date: Re: sa-update error with perl
- Previous by thread: Re: an actual hacked machine, in a preserved state
- Next by thread: Re: an actual hacked machine, in a preserved state
- Index(es):
 |